Hackers gateway gaped
SEARCH ENGINE OUTFIT Google has shut down a particularly nasty flaw in its desktop search software that gives hackers access to all a computer's files.
Google says it fixed the defect within weeks of being informed about it and says it has no evidence the vulnerability was ever exploited.
The hole was spotted by security outfit Watchfire, which said that the cross scripting hole exists in 80 percent of web based programmes, but Google's search was particularly vulnerable. This is because Desktop search lets users set Google's indexing and searching capabilities loose on their own computers.
Watchfire said that an attacker could place code on a Google Desktop user's computer using an infected email attachment, take control of the Google Desktop to have a snoop around. Any attack would have gone undetected by firewalls or antivirus software.
A spokesGoogle spokesman Barry Schnitt said the desktop search software gets automatically updated, so users do not need to take any steps to protect themselves. More
here.
The INQuirer
Threaded Mode
